CVE-2022-31026

EPSS 0.3%
Veröffentlicht 09.06.2022 13:15:08
Zuletzt bearbeitet 21.11.2024 07:03:44
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version 2.1.1 This issue can be avoided by only connecting to trusted servers.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Trilogy Project ≫ Trilogy SwPlatformruby Version < 2.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.3%	0.526

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
security-advisories@github.com	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://github.com/github/trilogy/commit/6bed62789eaf119902b0fe247d2a91d56c31a962

Patch

Third Party Advisory

https://github.com/github/trilogy/security/advisories/GHSA-5g4r-2qhx-vqfm

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-31026

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-31026

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-31026

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-31026